Re: [PATCH] x86: Lock down MSR writing in secure boot

From: Matthew Garrett
Date: Wed Feb 13 2013 - 13:51:44 EST

On Wed, 2013-02-13 at 10:44 -0800, H. Peter Anvin wrote:

> So people have piggybacked complete inappropriate junk onto
> CAP_SYS_RAWIO. Great. What the hell do we do now? We can't break
> apart CAP_SYS_RAWIO because we don't have hierarchical capabilities.

Yeah. Like I said, it's approximately useless.

> We thus have a bunch of unpalatable choices, **all of which are wrong**.
> This, incidentally, is *exactly* the reason I object to
> CAP_COMPROMISE_KERNEL as well... it describes a usage model, not a resource.

Like I said, I'm not wed to a capability-based model. However, it does
seem marginally more attractive than sprinkling if (!secure_boot) all
over the place. If anyone has alternatives, this would be a great time
to raise them.

Matthew Garrett | mjg59@xxxxxxxxxxxxx
N‹§²æìr¸›yúèšØb²X¬¶ÇvØ^–)Þ{.nÇ+‰·¥Š{±‘êçzX§¶›¡Ü}©ž²ÆzÚ&j:+v‰¨¾«‘êçzZ+€Ê+zf£¢·hšˆ§~†­†Ûiÿûàz¹®w¥¢¸?™¨è­Ú&¢)ßf”ù^jÇy§m…á@A«a¶Úÿ 0¶ìh®å’i